Wi-Fi Encryption Fix Not Perfect

The biggest security risk for "Wi-Fi" wireless Internet networks is that users sometimes fail to turn on their encryption software.

But even the responsible ones who use the encryption program – Wired Equivalent Privacy – aren't immune to malicious attacks.

A growing trend on the streets of Manhattan is WarDrivers breaking into wireless networks for fun. A professional hacker or anyone with significant programming knowledge can hack through WEP and even steal data off the network.

"WEP provides a level of security too low for me to take seriously," said Niels Ferguson, a cryptography consultant in Amsterdam who helped come up with an alternative encryption to WEP.

The WEP replacement, Wi-Fi Protected Access, adopts a more rigorous standard for authenticating users in order to eliminate the former's security flaws.

However, WPA comes with its own set of problems: denial of service attacks that can shut down the network and leave people without wireless Internet access.

Ferguson said that all wireless protocols are susceptible to DoS attacks, but WPA "is subject to all of them plus one extra type of DoS attack."

Unlike WEP, WPA utilizes a series of mathematical algorithms to authenticate users who are logging onto the network and to prevent anyone without valid credentials from entering. But if hackers send "two failed forgeries," or packets of unauthorized data during a one-second period, the system assumes it is under attack, said Intel network security architect Jesse Walker in a white paper on 802.11 security.

To stop the attack, the system shuts itself down, Walker said.

"In this case, the station deletes its keys, disassociates, waits a minute and then re-associates," Walker said. "While this disrupts communications, it is necessary to thwart an active attack."

A series of these attacks can leave wireless users without access to their networks for a minute at a time, said Arnold Reinhold, a computer consultant who has debated with Ferguson about WPA over the Cryptography Mailing List.
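The countermeasure Walker describes can be modeled from the defender's side. The following is an added example, not code from the article or from any vendor: it takes constructed timestamps of failed integrity checks, as an access point might log them, and works out when a station would be locked out, using the one-second window and one-minute wait quoted above. The function names and sample values are hypothetical.

```python
# Added illustration: models the WPA countermeasure as the article describes it.
FAILURE_WINDOW_MS = 1_000   # "two failed forgeries" within a one-second period
LOCKOUT_MS = 60_000         # station drops keys, disassociates, "waits a minute"


def find_lockouts(failure_times_ms):
    """Return (start, end) lockout intervals implied by integrity-check failures."""
    lockouts = []
    prev = None  # last failure not yet paired with a second one
    for t in sorted(failure_times_ms):
        if lockouts and t < lockouts[-1][1]:
            continue  # station is disassociated; it is not checking frames
        if prev is not None and t - prev <= FAILURE_WINDOW_MS:
            lockouts.append((t, t + LOCKOUT_MS))
            prev = None
        else:
            prev = t  # isolated failure (noise or a stale frame); keep watching
    return lockouts


def summarize(failure_times_ms, period_ms):
    """Summarize availability impact over an observation period."""
    lockouts = find_lockouts(failure_times_ms)
    down = sum(min(end, period_ms) - start
               for start, end in lockouts if start < period_ms)
    return {
        "failures_seen": len(failure_times_ms),
        "lockouts": lockouts,
        "downtime_ms": down,
        "downtime_fraction": down / period_ms,
    }


# Constructed sample: failure timestamps (ms) over a five-minute window.
SAMPLE_FAILURES_MS = [5_000, 30_200, 30_700, 45_000, 95_000, 95_400, 200_000]

if __name__ == "__main__":
    report = summarize(SAMPLE_FAILURES_MS, period_ms=300_000)
    for start, end in report["lockouts"]:
        print(f"lockout from {start / 1000:.1f}s to {end / 1000:.1f}s")
    print(f"{report['downtime_ms'] / 1000:.0f}s of downtime "
          f"({report['downtime_fraction']:.0%}) from "
          f"{report['failures_seen']} logged failures")
```

Recurring lockouts, each preceded by a pair of failures less than a second apart, are the pattern an operator would alert on; isolated failures do not trigger the countermeasure.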

"Physically locating the attacker is made much more difficult (on a wireless system) than finding an ordinary (radio frequency) jammer by the fact that only a couple of packets per minute need be transmitted," Reinhold said. "Also the equipment required has innocent uses – unlike a jammer – so prosecuting an apprehended suspect would be more difficult."

However, even if somebody does successfully breach a wireless network protected by WPA, Ferguson and members of the Wi-Fi Alliance aren't convinced that such an attack would be apparent to end users.

"Whether this is relevant in real life depends on whether the WPA-specific DoS attack is easier to mount than any of the generic 802.11 attacks," Ferguson said. "I believe there is no significant difference."

David Cohen, chairman of the security committee for the Wi-Fi Alliance, added, "This is something that happens very fast. It really shouldn't be anything that is noticeable."

Mounting such an attack is no trivial task either. The attacker would need a laptop computer, a Wi-Fi PC card, some software, advanced programming skills and a lot of time on his or her hands.

But Reinhold could think of reasons why someone would go through the trouble: Let's say you are a supermarket whose nearest competitor uses a wireless system to scan its goods. If you know that such an attack would slow down the cash registers, and that store would have a hard time proving you initiated the attack – why not send out those forged packets of data?

It's not an unrealistic concern for retailers either. This past summer, electronics retail store Best Buy removed the wireless scanners in its stores because of the security risks associated with WEP. The company was more concerned about outsiders getting its customers' credit card information, but converting to WPA could open it up to other security breaches.

"(The attacker) won't do much damage," Reinhold said. "But if my cash registers go down for a minute because my competitors could do that to me, then that's not a good thing."

The latest vulnerability plaguing Wi-Fi security won't keep Wi-Fi gear from selling off the shelves – the networks are in many homes, college campuses and almost every Starbucks coffee shop in the country today, analysts say. But it may make businesses, such as Best Buy, think twice before implementing such a network in the office, they say.

"This is probably an indicator that you wouldn't consider (Wi-Fi) business-critical yet," said Eric Hemmendinger, a security analyst for market research firm Aberdeen Group. "If you are going to implement a wireless LAN (local area network) for anything more than convenience, you will have to add a whole bunch of stuff on it from a security perspective."

The least any business or individual with a Wi-Fi network should do is turn on the encryption software.

According to one WarDriver, approximately 60 percent of Wi-Fi networks in Manhattan don't have WEP turned on.

Surely, some security – even if it is not bullet-proof – is better than none.

"They spend thousands of dollars (on these networks) and don't turn on WEP," Ferguson said. "It's like locking a door with a big lock and leaving the window open."